In modern computer networks, network features such as software modules, firmware features for new hardware, virtual machines, etc. are routinely added, modified, updated, etc. The operational parameters and the configuration of the network features can be modeled using a variety of modeling techniques, such as the YANG modeling language for the standardized Network Configuration Protocol (NETCONF).
In some modeling languages, once a model is defined, revisions to the model can involve adding new parameters to the model; conversely, removal of parameters is oftentimes not permitted. Such a restriction on the removal of parameters from a feature model is problematic for a variety of reasons. Notably, operators of software-defined network routinely choose to restrict access to certain feature parameters for subsets of users—and the inability to remove parameters from feature models in common modeling languages creates hassles for the operators.
To address the problem created by restricting removal of features from a feature model, organizations can utilize a policy engine that enforces rule-based access control policies. However, constantly monitoring the policy engine to check for every occurrence of changes to a feature model is burdensome. Also, altering the enforcement policies upon detecting a change requires advanced know-how and is time-consuming. Additionally, an organization may not have the expertise to identify and establish appropriate values for the authorization policies; likewise, default values provided in the feature model may not be suitable for the organization.